Can I check whether an IoC/hash is already monitored by MDE?
The list of IoC is limited to 15k. I imagine some IoCs entries from our "custom list" are already monitored by Microsoft/MDE. So, is there a way to check whether there is a detection rule for a specific IoC (hash)? This would save us some thousand entries and improve our monitoring coverage. *Better to join forces than reinvent the wheel.
Permission required to import to Indicators page? Error "Failed to Import Indicators"
Hello, Do you need the permission "Manage security settings in Security Center" in order to import xslx to Indicators? User getting error "Failed to import indicators. User is not exposed to all Indicator's machine groups. Contact your administrator for further information." User is in role. Role is setup with a group that has all the permissions expect "Manage security settings in Security Center". Role also has access to device groups that are setup. https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/user-roles?view=o365-worldwide#permission-options -Link above doesn't list "Indicators" in permission options Can not find the answer based on Googling Thanks!Indicators enhancements: Allow/Block by certificates & more
We’re excited to share that you can now set an indicator to prevent and exclude entities based on certificate information. In addition, the alert and block action on files can now be applied on files signed by trusted publishers. We have also increased the number of custom indicators you can create from 5,000 to 15,000.
